
Netgear - Admin Credentials Disclosure & Remote Code Execution (CVE-2020-17409, CVE-2020-27866)

Severity
CVSSv3 Score: 8.8
Vulnerability description

Netgear routers are affected by a credential disclosure vulnerability in the /setup.cgi endpoint. The root cause is insufficient input validation of the HTTP request, which allows remote unauthenticated attackers to request the plaintext admin user credentials from the mini_httpd service.

Risk description

A remote unauthenticated attacker could use the obtained credentials to exploit CVE-2020-27866, which grants remote code execution by activating the debug mode that enables the telnet service on port 23. Using the leaked credentials, the attacker can access the target router remotely and obtain privileged, unrestricted access. This fully compromises the router, and the attacker can steal confidential information, install ransomware or pivot to the internal network.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation

Consult the advisories provided by Netgear and install the latest non-vulnerable firmware.

Codename: Not available
Detectable with: Network Scanner
Exploitable with Sniper: Yes
Vuln date: Oct 2020
Published at:
Updated at:
Software Type: Networking product
Vendor: Netgear
Product: Router